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We claim: 

1 X 1. A comput\er system capable of accessing and 

y controlling use of a watermarked software object, the 

3 system comprising: 

4 a processor; and 

5 a memory having computer executable instructions 

6 stored therein;! and 

7 wherein the processor, in response to the stored 

8 executable instructions: 

9 reads k specific one of a plurality of 

10 watermarks embedded in the software object so as to yield 

11 an actual watermark value, wherein the specific one 

12 watermark is defihed by a predefined value of a watermark 

13 key previously provided to and stored within the system; 

14 and \ 

15 sets usage rights applicable to the object in 

16 response to the acnual watermark value so as to control 

17 further use of the object by the computer system. 

1 2. The system in qlaim 1 wherein the object is either a 

2 passive or active object, the passive object comprising 

3 content and the active object comprising executable code. 

1 3. The system in claim 2 wherein, the processor, in 

2 response to the stored! instructions and as part of the 

3 usage rights setting operation, supplies the usage rights 

4 to an operating system executing in the computer system 

5 in order to set a protection state applicable to the 

6 object. \ 
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1 4. The system in claim 3 wherein the watermark key 

2 expires after a predefined period of time elapses and the 

3 processor, in response to the stored instructions, 

4 obtains a new! watermark key for subsequent use in lieu of 

5 the expired watermark key, wherein the new watermark key 

6 defines a different one of the plurality of watermarks 

7 embedded in th\e object. 



1 5. The system in claim 3 wherein the value of the 

2 watermark key defines a pointer to a location in the 

3 object at which! the specific one watermark appears. 

1 6. The system n_n claim 5 wherein the location is a 

2 starting locatior 

1 7. The system iW claim 5 wherein all of the plurality 

2 of said watermarks embedded in the object contain an 

3 identical watermark value. 

1 8. The system in\claim 7 wherein the identical 

2 watermark value contains a concatenation of a product 

3 identification value associated with the object and an 

4 identification value associated with the object provider. 



1 9. The system in claim 3 wherein the processor, in 

2 response to the storep instructions: 

3 reads a license for the object, the license 

4 specifying an expected value of a first parameter and the 

5 usage rights of the obnect; 
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6 compares the expected value of the first parameter 

7 against an Wctual value of the first parameter contained 

8 in the specific one watermark; 

9 if thelactual and expected values for first 

10 parameter del not identically match each other, prevents 

11 the object from being used. 

1 10. The systlem in claim 9 wherein the processor, in 

2 response to tjhe stored instructions: 

3 obtains an expected value of a second parameter 

4 communicated with the specific one object; 

5 extracts,! from the specific one watermark detected 

6 in the object,! the actual value of the first parameter 

7 and an actual value of the second parameter; 

8 compares the expected values of the first and second 

9 parameters agailnst the actual values of the first and 

10 second parameters, respectively; and 

11 if the actual values of the first and second 

12 parameters identically and respectively match the 

13 expected values of the first and second parameters, 

14 permits the object to be used in accordance with the 

15 usage rights specified in the license. 

1 11. The system in claim 10 wherein the processor, in 

2 response to the stored instructions, verifies that the 

3 license is signed fty the object provider specified 

4 through the actual lvalue of the second parameter found in 

5 the specific one watermark. 
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1 12. The system in claim 10 wherein the first and second 

2 parameters comprise a product identification (PID) value 

3 and a vendor 1 identification (V1D) value, respectively. 

1 13. The system in claim 9 wherein the license a 

2 decryption key. 

1 14. The system in claim 13 wherein the processor, in 

2 response to the stored instructions, generates a request 

3 for the license, wherein the request specifies the 

4 object. 1 

1 15. The system lin claim 14 wherein the request for the 

2 license further comprises a public key value associated 

3 with the computed system; and the license further 

4 comprises the expiected value of the first parameter and 

5 the usage rights.! 

1 16. The system in\ claim 15 wherein the license further 

2 comprises a signature generated through use of a public 

3 key associated witht a provider of the object, the 

4 signature being a function of the expected value of the 

5 first parameter and \the usage rights. 

1 17. The system in claim 16 wherein the processor, in 

2 response to the stored instructions: 

3 performs a licence verifying operation by: 

4 verifying, using a predefined cryptographic 

5 parameter stored in the computer system, the public key 

6 associated with the obiect provider so as to define a 

7 certified public key of! the object provider; and 
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8 verifying, using the certified public key of 

9 the object provider, the signature in the license as 

10 generated by the object provider so as to define a 

11 verified signature; and 

12 performs an \ extraction operation by extracting, from 

13 the verified signature, the expected value of the first 

14 parameter, the encryption key and the usage rights. 

1 18. The system in claim 17 wherein the value of the 

2 watermark key defilnes a pointer to a location in the 

3 object at which thle specific one watermark appears. 

1 19. The system in claim 18 wherein the location is a 

2 starting location. 1 

1 20. The system in Iclaim 18 wherein all of the plurality 

2 of said watermarks embedded in the object contain an 

3 identical watermark! value . 

1 21. The system in dlaim 20 wherein the identical 

2 watermark value contains a concatenation of a product 

3 identification value! associated with the object, as the 

4 first parameter, and! a vendor identification value 

5 associated with the Abject provider. 

1 22. The system in claim 17 wherein the processor, in 

2 response to the stored instructions: 

3 decrypts the objfect, as downloaded by the object 

4 provider to the computer system, using the decryption key 

5 specified in the license so as to yield a decrypted 

6 version of the object;! and 
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7 reads! the value of the specific one watermark in the 

8 decrypted Version of the object. 

1 23. The system in claim 22 wherein the decryption key is 

2 a symmetric! encryption key which has been previously 

3 used, by the object provider, to encrypt the object in 

4 order to produce the encrypted version of the object. 

1 24. The systlem in claim 22 wherein the watermark key 

2 expires after! a predefined period of time elapses and the 

3 processor, inlresponse to the stored instructions, 

4 obtains a new Watermark key for subsequent use in lieu of 

5 the expired watermark key, wherein the new watermark key 

6 defines a different one of the plurality of watermarks 

7 embedded in the object. 

1 25. The system! in claim 22 further comprising an 

2 enforcer having:! 

3 an encrypted store for storing the encrypted version 

4 of the object produced by the object provider; 

5 a decrypter \for decrypting, using the decryption 

6 key, the encryptea version of the object stored in the 

7 encrypted store si> as to yield a decrypted version of the 

8 object; 1 

9 an unencrypted buffer for storing the decrypted 

10 object; I 

11 a watermark detector for detecting the presence of 

12 the specific one watermark embedded in the decrypted 

13 version of the object and for obtaining therefrom the 

14 actual value of the! first parameter; and 

15 a license verifier which: 
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perfotrms the license verifying operation and, 



once the signat 
extraction oper 



are in the license is verified, the 
tion so as to yield the decryption key, 
the expected value of the first parameter and the usage 
rights ; 

compares the expected value against the actual 
value of the first parameter; and 



if the 
parameter do not 
in conjunction w: 
state to prevent 
the object while 
unencrypted buffe 



actual and expected values for first 
identically match each other, then sets, 
th the operating system, the protection 
further use of the decrypted version of 
the decrypted version remains in the 



26. The system im claim 25 wherein the processor, in 
response to the snored instructions: 
obtains an expected value of a second parameter 
communicated with fche specific one object; 

extracts, from the specific one watermark detected 
in the object, the tactual value of the first parameter 
and an actual value of the second parameter; 

compares the expected values of the first and second 
parameters against the actual values of the first and 
second parameters, Respectively; and 

if the actual vialues of the first and second 
parameters identically and respectively match the 
expected values of tne first and second parameter sets, 
in conjunction with tlhe operating system and consistent 
with the usage rights!, the protection state to govern use 
of the decrypted version of the object while the 
decrypted version remains in the unencrypted buffer. 
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1 27. The system in claim 26 wherein the first and second 

2 parameters comprise a product identification (PID) value 

3 and a vendor lidentif ication (VID) value, respectively. 

1 28. The system in claim 25 wherein if the license exists 

2 for the object!, the processor, in response to the stored 

3 instructions and through the license verifier, sets the 

4 usage rights to appropriate values so as to inhibit 

5 further use of Ithe decrypted object if the watermark 

6 detector fails Ito detect the specific one watermark in 

7 the decrypted version of the object. 

1 29. The systemlin claim 28 wherein either all or a 

2 portion of the enforcer is located either in the 

3 operating system or in a media card associated with the 

4 computer system.! 

1 30. The system in claim 28 wherein the operating system 

2 comprises a digitlal rights management system having a 

3 license database Which stores the license, and, 

4 subsequently, in Response to a request issued by the 

5 computer system to access the object, provides the 

6 license to the enforcer. 

1 31. The system in Iclaim 30 wherein the request for the 

2 license further comprises an authorization for payment of 

3 a predefined fee in! exchange for the license. 

1 32. The system in dlaim 28 wherein the value of the 

2 watermark key defines a pointer to a location in the 

3 object at which the specific one watermark appears. 
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1 33. The system in claim 32 wherein the location is a 

2 starting loaation. 

1 34. The system in claim 32 wherein all of the plurality 

2 of said watermarks embedded in the object contain an 

3 identical wattermark value. 

1 35. The system in claim 34 wherein the identical 

2 watermark value contains a concatenation of a product 

3 identification value associated with the object, as the 

4 first parameter, and a vendor identification value 

5 associated witlh the object provider. 

1 36. The system in claim 28 wherein the decryption key is 

2 a symmetric encryption key which has been previously 

3 used, by the obrject provider, to encrypt the object in 

4 order to produce the encrypted version of the object. 

1 37. The system \in claim 28 wherein the watermark key 

2 expires after a predefined period of time elapses and the 

3 processor, in response to the stored instructions, 

4 obtains a new watiermark key for subsequent use in lieu of 

5 the expired watermark key, wherein the new watermark key 

6 defines a different one of the plurality of watermarks 

7 embedded in the object . 



1 
2 
3 



38. The system inlclaim 3 wherein the processor, in 
response to the stared instructions, downloads the 
object, via a network connection, from a first server. 
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1 39. The system in claim 38 wherein the watermark key 

2 expires aftler a predefined period of time elapses and the 

3 processor, p_n response to the stored instructions, 

4 obtains a new watermark key for subsequent use in lieu of 

5 the expired 1 watermark key, wherein the new watermark key 

6 defines a different one of the plurality of watermarks 

7 embedded in the object. 



1 40. The system in claim 38 wherein the value of the 

2 watermark keM defines a pointer to a location in the 

3 object at whilch the specific one watermark appears-. 

1 41. The system in claim 40 wherein the location is a 

2 starting location. 

1 42. The system in claim 40 wherein all of the plurality 

2 of said watermarks embedded in the object contain an 

3 identical watermark value, 

1 43. The system \in claim 42 wherein the identical 

2 watermark value contains a concatenation of a product 

3 identification value associated with the object and a 

4 vendor identif icc\tion value associated with the object 

5 provider. 



1 44. The system in claim 38 wherein the processor, in 

2 response to the stored instructions: 

3 reads a license for the object, the license 

4 specifying an expedted value of a first parameter and the 

5 usage rights of the! object; 
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15 



6 compares the expected value of the first parameter 

7 against an\ actual value of the first parameter contained 

8 in the specific one watermark; 



9 if the\ actual and expected values for first 

\ 

10 parameter d6 not identically match each other, prevents 

\ 

11 the object f^rom being used. 

\ 
t 

\ 

\ 

1 45. The systiem in claim 44 wherein the processor, in 

2 response to tpe stored instructions: 

3 obtains an expected value of a second parameter 

1 

4 communicated with the specific one object; 

5 extracts,! from the specific one watermark detected 

6 in the object,! the actual value of the first parameter 

7 and an actual value of the second parameter; 

8 compares Ihe expected values of the first and second 

9 parameters agailnst the actual values of the first and 

10 second parameters, respectively; and 

11 if the actiial values of the first and second 

12 parameters identically and respectively match the 

13 expected values lof the first and second parameters, 

14 permits the object to be used in accordance with the 



usage rights specified in the license, 



1 46. The system in claim 45 wherein the processor, in 

2 response to the stiored instructions, verifies that the 

1 

3 license is signed py the object provider specified 

4 through the actual! value of the second parameter found in 

5 the specific one watermark. 



1 

2 
3 

1 
2 

1 
2 
3 
4 
5 



l\ 



47. The syst 



sm in claim 45 wherein the first and second 



and a vendor 
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parameters comprise a product identification (PID) value 



.dentif ication (VID) value, respectively, 



response to th 
from a second 



48. The system in claim 44 wherein the license comprises 
a decryption key. 

49. The system in claim 40 wherein the processor, in 



iB stored instructions, obtains the license 
server and via a network connection 
existing between the computer system and the second 
server. 



1 50. The system in claim 49 wherein the first and second 

2 servers are the! same. 

1 51. The system lin claim 49 wherein the request for the 

2 license further comprises a public key value associated 

3 with the computer system; and the license further 

4 comprises the expected value of the first parameter and 

5 the usage rights, 



1 52. The system inl claim 51 wherein the processor, in 

2 response to the stored instructions, generates a request, 

3 via a network connection, to the second server for the 

4 license, wherein the request specifies the object. 



1 
2 
3 



53. The system in ciLaim 52 wherein the license further 
comprises a signature generated through use of a public 
key associated with a provider of the object, the 
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4 signature being a function of the expected value of the 

5 first parameter and the usage rights. 
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54. The system in claim 53 wherein the processor, in 
response to the stored instructions: 

performs e license verifying operation by: 

verifying, using a predefined cryptographic 



parameter store 
associated wit* 
certified publi 



d in the computer system, the public key 

the object provider so as to define a 
c key of the object provider; and 
verifying, using the certified public key of 
the object provider, the signature in the license as 
generated by ths object provider so as to define a 
verified signature; and 

performs an extraction operation by extracting, from 
the verified signature, the expected value of the first 
parameter, the encryption key and the usage rights. 



1 55. The system jm claim 54 wherein the value of the 

2 watermark key deflines a pointer to location in the object 

3 at which the specific one watermark appears. 

1 56. The system iq claim 55 wherein the location is a 

2 starting location.] 



1 57. The system in Iclaim 55 wherein all of the plurality 

2 of said watermarks lembedded in the object contain an 

3 identical watermark! value . 



1 
2 



58. The system in dlaim 57 wherein the identical 
watermark value contains a concatenation of a product 
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3 identification value associated with the object, as the 

4 first parameter, and a vendor identification value 

5 associated With the object provider. 

1 59. The system in claim 54 wherein the processor, in 

2 response to the stored instructions: 

3 decrypts the object, as downloaded by the object 

4 provider to the computer system, using the decryption key 

5 specified in the license so as to yield a decrypted 

6 version of the object; and 

7 reads the value of the specific one watermark in the 

8 decrypted version of the object. 

1 60. The system in claim 59 wherein the decryption key is 

2 a symmetric encryption key which has been previously 

3 used, by the object provider, to encrypt the object in 

4 order to produce the encrypted version of the object. 

1 61. The systemlin claim 59 wherein the watermark key 

2 expires after a predefined period of time elapses and the 

3 processor, in response to the stored instructions, 

4 obtains a new watermark key for subsequent use in lieu of 

5 the expired wateronark key, wherein the new watermark key 

6 defines a different one of the plurality of watermarks 

7 embedded in the object. 

1 62. The system inl claim 59 further comprising an 

2 enforcer having: 1 

3 an encrypted store for storing the encrypted version 

4 of the object produced by the object provider; 

i 
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5 a decry^ter for decrypting, using the decryption 

6 key, the encrWpted version of the object stored in the 

7 encrypted store so as to yield a decrypted version of the 

8 object; 1 

9 an unencrypted buffer for storing the decrypted 

10 object; 1 

11 a watermark detector for detecting the presence of 

12 the specific one watermark embedded in the decrypted 

13 version of the object and for obtaining therefrom the 

14 actual value off the first parameter; and 

15 a license (verifier which: 

16 perfolrms the license verifying operation and, 

17 once the signature in the license is verified, the 

18 extraction operation so as to yield the decryption key, 

19 the expected value of the first parameter and the usage 

20 rights; 1 

21 compares the expected value against the actual 

22 value of the first watermark; and 

23 if thelactual and expected values for first 

24 parameter do not lidentically match each other, then sets, 

25 in conjunction wilth the operating system, the protection 

26 state to prevent turther use of the decrypted version of 

27 the object while Ihe decrypted version remains in the 

28 unencrypted buffer. 

1 63. The system inl claim 62 wherein the processor, in 

2 response to the stored instructions: 

3 obtains an expected value of a second parameter 

4 communicated with tne specific one object; 

\ 

\ 
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extracts, f 



in the object, the actual value of the first parameter 



and an actual va 
compares th 
parameters again 
second parameter 



if the actual value of the first and second 



parameters ident 
expected values 
in conjunction vy 
with the usage r 



64. The system 
parameters comp 
and a vendor i 



65. The system 
for the object, 
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rom the specific one watermark detected 



lue of the second parameter; 
e expected values of the first and second 
st the actual values of the first and 
s, respectively; and 



ically and respectively match the 
of the first and second parameter sets, 
ith the operating system and consistent 
ights, the protection state to govern use 
of the decrypted version of the object while the 
decrypted version remains in the unencrypted buffer. 



in claim 63 wherein the first and second 
ise a product identification (PID) value 
d^ntif ication (VID) value, respectively. 



in claim 62 wherein if the license exists 
the processor, in response to the stored 



instructions ana through the license verifier, sets the 



usage rights to 
further use of 
detector fails 



appropriate values so as to inhibit 
the decrypted object if the watermark 
to detect the specific one watermark in 



66. The system 
portion of the 



the decrypted version of the object- 



in claim 65 wherein either all or a 
enforcer is located either in the 
operating system or in a media card associated with the 
computer system. 
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67 . The system in 
comprises a digital 



laim 65 wherein the operating system 

rights management system having a 
i 

license database wfjich stores the license, and, 
subsequently, in response to a request issued by the 

access the object, provides the 
brcer. 



computer system to 
license to the enf 



68 



The system in 



claim 67 wherein the request for the 



license further comprises an authorization for payment of 



n exchange for the license. 



a predefined fee i 



69. The system in claim 65 wherein the value of the 
watermark key defines a pointer to a location in the 



object at which t 

70. The system i 
starting location 



le specific one watermark appears, 



i claim 69 wherein the location is a 



71. The system in claim 69 wherein all of the plurality 
of said watermarks embedded in the object contain an 

irk value. 



identical waterma 



72. The system i 
watermark value 
identifier associ 
associated with 



73. The system i 
servers are the s 



n claim 71 wherein the identical 
cpntains a concatenation of a product 

ated with the object and an identifier 
tpne object provider. 



n claim 62 wherein the first and second 
ame . 
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1 74. The system in clafLm 62 wherein the decryption key is 

2 a symmetric encryption key which has been previously 

3 used, by the object provider, to encrypt the object in 

4 order to produce the encrypted version of the object. 
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75. The system in claim 62 wherein the watermark key 
expires after a predefined period of time elapses and the 
processor, in response to the stored instructions, 
obtains a new waterirfark key for subsequent use in lieu of 
the expired watermaik key, wherein the new watermark key 
defines a different one of the plurality of watermarks 



embedded in the obi 

76. The system in 
response to the sto 
watermark key, via 
server . 



77. The system in 
either the same as 
associated with a 



set. 



The system in 



claim 62 wherein the processor, in 
red instructions, obtains the new 
a network connection, from a third 



claim 62 wherein the third server is 
the first or second server, or is 
ird party watermarking authority. 



th 



claim 77 wherein the first and second 



servers are the same 



79. In a computer 
having computer 
method, implement 
instructions, for 
watermarked so ft war 



executable 



ed 



system having a processor and a memory 
e instructions stored therein, a 
through execution of the stored 
accessing and controlling use of a 
e object comprising the steps of: 
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reading a spe 
embedded in the so 
watermark value, wh 
defined by a prede 
previously providec. 

setting usage 
response to the act. 
further use of the 
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ific one of a plurality of watermarks 
ftware object so as to yield an actual 
erein the specific one watermark is 
ined value of a watermark key 

to and stored within the system; and 
rights applicable to the object in 
ual watermark value so as to control 
object by the computer system. 



80. The method in 
a passive or activ$ 
content and the ad: 

81. The method in 
setting step compr:_ 
rights to an operat 
system in order to 
the object. 



claim 79 wherein the object is either 

object, the passive object comprising 
ive object comprising executable code. 

claim 80 wherein the usage rights 
ses the step of supplying the usage 
ing system executing in the computer 
et a protection state applicable to 



pre de 



82. The method in 
expires after a 
further comprising 
key for subsequent 
key, wherein the ne 
one of the plurali 
object . 



laim 81, wherein the watermark key 
fined period of time elapses, 
the step of obtaining a new watermark 
se in lieu of the expired watermark 
watermark key defines a different 
t\/ of watermarks embedded in the 
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83. The method in claim 81 wherein the value of the 
watermark key defines a pointer to a location in the 
object at which the specific one watermark appears. 
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1 84. The methbd in claim 83 wherein the location is a 

2 starting location. 

1 85. The method in claim 83 wherein all of the plurality 

2 said watermarks embedded in the object contain an 

3 identical watermark value, 



1 
2 
3 
4 

1 
2 
3 
4 
5 
6 
7 
8 
9 
10 



86. The method in claim 85 wherein the identical 
watermark value contains a concatenation of a product 
identification value associated with the object and an 



identification 



value associated with the object provider. 



87. The method 

reading a 
specifying an e> 
usage rights of 
comparing t 



in claim 81 comprising the steps of: 
.icense for the object, the license 
pected value of a first parameter and the 
the object: 

le expected value of the first parameter 
against an actual value of the first parameter contained 
in the specific one watermark; 

if the actual and expected values for first 
parameter do not identically match each other, preventing 
the object from qeing used. 



1 88. The method ih claim 87 comprising the steps of: 

2 obtaining an expected value of a second parameter 

3 communicated with] the specific one object; 

4 extracting, from the specific one watermark detected 

5 in the object, the actual value of the first parameter 

6 and an actual value of the second parameter; 



second param 
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comparing the expected values of the first and 



sters against the actual values of the first 



9 and second parameters , respectively; and 

10 if the Actual values of the first and second 

11 parameters identically and respectively match the 

12 expected valines of the first and second parameters, 

13 permitting thje object to be used in accordance with the 

14 usage rights Specified in the license. 



1 89. The method in claim 88 comprising the step of 

2 verifying that the license is signed by the object 

3 provider specified through the actual value of the second 

4 parameter found in the specific one watermark. 

1 90. The method in claim 88 wherein the first and second 

2 parameters comprise a product identification (PID) value 

3 and a vendor ildentif ication (VID) value, respectively. 

1 91. The method in claim 87 wherein the license comprises 

2 a decryption key. 

1 92. The method in claim 91 comprising the step of 

2 generating a request for the license, wherein the request 

3 specifies the abject. 



1 93. The method in claim 92 wherein the request for the 

2 license further comprises a public key value associated 

3 with the computer system; and the license further 

4 comprises the expected value of the first parameter and 

5 the usage rights. 
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1 94. The met\hod in claim 93 wherein the license further 

2 comprises a Signature generated through use of a public 

3 key associated with a provider of the object, the 

4 signature being a function of the expected watermark 

5 value, the uaage rights. 

1 95. The method in claim 94 further comprising the steps 

2 of: 1 

3 performing a license verifying operation by: 

4 verifying, using a predefined cryptographic 

5 parameter stored in the computer system, the public key 

6 associated wit ft the object provider so as to define a 

7 certified public key of the object provider; and 

8 verifying, using the certified public key of 

9 the object provlider, the signature in the license as 

10 generated by the object provider so as to define a 

11 verified signature; and 

12 performing lan extraction operation by extracting, 

13 from the verified signature, the expected value of the 

14 first parameter,! the encryption key and the usage rights. 

1 96. The method in claim 95 wherein the value of the 

2 watermark key deflines a pointer to a location in the 

3 object at which tne specific one watermark appears. 

1 97. The method in claim 96 wherein the location is a 

2 starting location. 
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98. The method in claim 96 wherein all of the plurality 
of said watermarks embedded in the object contain an 
identical watermark value. 
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1 99. The method in claim 98 wherein the identical 

2 watermark vAlue contains a concatenation of a product 

3 identification value associated with the object, as the 

4 first parameter, and a vendor identification value 

5 associated wjith the object provider. 

1 100. Thfe method in claim 95 comprising the steps of: 

2 decrypting the object, as downloaded by the object 

3 provider to the computer system, using the decryption key 

4 specified in the license so as to yield a decrypted 

5 version of the object; and 

6 reading the value of the specific one watermark in 

7 the decrypted version of the object. 

1 101. The method in claim 100 wherein the decryption key 

2 is a symmetric encryption key which has been previously 

3 used, by the object provider, to encrypt the object in 

4 order to produce the encrypted version of the object. 
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102. The methcbd in claim 100, wherein the watermark key 
expires after a predefined period of time elapses, 
further comprising the step of obtaining a new watermark 
key for subsequent use in lieu of the expired watermark 
key, wherein the new watermark key defines a different 
one of the plurality of watermarks embedded in the 
obj ect . 



103. The 
of downloading 



a first server 



method in claim 81 further comprising the step 

the object, via a network connection, from 



V 



* -123- 

1 104. The method in claim 103, wherein the watermark key 

2 expires after a predefined period of time elapses, 

3 further comprising the step of obtaining a new watermark 

4 key for subsequent use in lieu of the expired watermark 

5 key, wherein the new watermark key defines a different 

6 one of the plurality of watermarks embedded in the 

7 object. 1 

1 105. The method in claim 103 wherein the value of the 

2 watermark key defines a pointer to a location in the 

3 object at which! the specific one watermark appears. 

1 106. The method! in claim 105 wherein the location is a 

2 starting location. 

1 107. The method kn claim 105 wherein all of the plurality 

2 of said watermarks embedded in the object contain an 

3 identical watermark value. 

1 108. The method in claim 107 wherein the identical 

2 watermark value contains a concatenation of a product 

3 identification vaiue associated with the object and a 

4 vendor identification value associated with the object 

5 provider. 1 

1 109. The method in Iclaim 103 comprising the steps of: 

2 reading a license for the object, the license 

3 specifying an expected value of a first parameter and the 

4 usage rights of the object: 
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5 comparing the expected value of the first parameter 

6 against the actual value of the first parameter contained 

7 in the specific one watermark; 

8 if the! actual and expected values for first 

9 parameter dd> not identically match each other, preventing 
10 the object from being used. 

1 110. The method in claim 109 further comprising the steps 

2 of: 

3 obtaining an expected value of a second parameter 

4 communicated Iwith the specific one object; 

5 extracting, from the specific one watermark detected 

6 in the objectl the actual value of the first parameter 

7 and an actual! value of the second parameter; 

8 comparing the expected values of the first and 

9 second parameters against the actual values of the first 

10 and second parameters, respectively; and 

11 if the actual values of the first and second 

12 parameters identically and respectively match the 

13 expected value! of the first and second parameters, 

14 permitting the lobject to be used in accordance with the 

15 usage rights specified in the license. 

1 111. The method in claim 110 further comprising the step 

2 of verifying than: the license is signed by the object 

3 provider specified through the actual value of the second 

4 parameter found in the specific one watermark. 

1 112. The method ijn claim 110 wherein the first and second 

2 parameters comprise a product identification (PID) value 

3 and a vendor identification (VID) value, respectively. 
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1 113. The methbd in claim 109 wherein the license 

2 comprises a decryption key. 
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114. The methdd in claim 105 further comprising the step 
of obtaining the license from a second server and via a 



network connec 
and the second 



ion existing between the computer system 
server . 



115. The methoc in claim 114 wherein the request for the 



license further 
with the comput 
comprises the e 
the usage right 



comprises a public key value associated 
ar system; and the license further 
<pected value of the first parameter and 



116. The method 
of generating a 



in claim 115 further comprising the step 
request, via a network connection, to the 
second server fdr the license, wherein the request 
specifies the object. 

117. The method In claim 116 wherein the license further 
comprises a signature generated through use of a public 
key associated wilth a provider of the object, the 
signature being at function of the expected watermark 
value, the usage rights. 



1 118. The method in\ claim 116 further comprising the steps 

2 of: 

3 performing a license verifying operation by: 

4 verifying, using a predefined cryptographic 

5 parameter stored in\ the computer system, the public key 
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associated wi^h the object provider so as to define a 
certified public key of the object provider; and 

verifying, using the certified public key of 
the object provider, the signature in the license as 
generated by the object provider so as to define a 
ture; and 

j an extraction operation by extracting, 
Led signature, the expected value of the 
::, the encryption key and the usage rights, 



verified signa 
perf ormin 
from the verif 
first paramete 



119. The method in claim 118 wherein the value of the 
watermark key cefines a pointer to a location in the 
object at which the specific one watermark appears. 



120. The method 
starting location, 



121. The method 



in claim 119 wherein the location is a 



in claim 119 wherein all of the plurality 
of said watermarlks embedded in the object contain an 
identical watermark value. 



1 122. The method in claim 121 wherein the identical 

2 watermark value contains a concatenation of a product 

3 identification vallue associated with the object, as the 

4 first parameter, and a vendor identification value 

5 associated with the object provider. 



1 123. The method ir| claim 118 further comprising the steps 

2 of: 

3 decrypting thfe object, as downloaded by the object 

4 provider to the computer system, using the decryption key 
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specified i 
version of 
readi 
the decrypt 



m the license so as to yield a decrypted 
l|he object; and 
ncj the value of the specific one watermark in 
d version of the object. 



124. The method in claim 59 wherein the decryption key is 
:ric er 



a symmet] 



used, by the 



ncryption key which has been previously 
object provider, to encrypt the object in 



order to produce the encrypted version of the object, 



125. The method in claim 59, wherein the watermark key 



expires aftei 
further compr 
key for subse 
key, wherein 
one of the pi 
object . 



a predefined period of time elapses, 
ising the step of obtaining a new watermark 
quent use in lieu of the expired watermark 
the new watermark key defines a different 
arality of watermarks embedded in the 



12 6. A computer readable medium having computer 



executable ins 
steps of clairr 

127. Apparatus 
for accessing 



tructions stored therein for performing the 
79. 

for a networked client-server environment, 
software object from a first server and 



a client 
client compute 



using the object so accessed, the apparatus comprising: 



qomputer connected to the network, the 
having: 



a processor; and 



a mem 
instructions st 



Dry having computer executable 
ored therein; and 
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wherein the processor, in response to the 
stored executable instructions: 

i issues, in response to input information, 
a download request to the first server to download a file 
containing a software object; 

I obtains the file containing a watermarked 
version of thq software object from the first server; 

reads a specific one of a plurality of 
dded in the software object downloaded 
server so as to yield an actual watermark 
the specific one watermark is defined by a 
ijie of a watermark key previously provided 
ithin the client computer; and 
sets usage rights applicable to the object 
the actual watermark value so as to 
control further! use of the object by the client computer; 
and 1 

the first server connected to the network, wherein 
the server: I 

in response to the download request, accesses 
the watermarked Version of the software object, wherein a 
plurality of watermarks have been embedded into the 



watermarks emb 
from the first 
value, wherein 
predefined val 
to and stored 

in response to 



object, and down 
watermarked versa 
computer . 



oading the file containing the 

on of the software object to the client 



128. The apparat 
object is either 
object comprising 
comprising execu 



in claim 127 wherein the software 
a passive or active object, the passive 
content and the active object 
tkble code. 
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12 9. The appai 
in response to 
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atus in claim 128 wherein, the processor, 
the stored instructions and as part of the 
usage rights getting operation, supplies the usage rights 
to an operating system executing in the client computer 
in order to set a protection state applicable to the 
software objeqt. 



1 130. The apparatus in claim 129 wherein the value of the 

2 watermark key befines a pointer to a location in the 

3 software objec^ at which the specific one watermark 

4 appears. 

1 131. The apparaltus in claim 130 wherein the location is a 

2 starting location. 

1 132. The apparatus in claim 130 wherein all of the 

2 plurality of said watermarks embedded in the software 

3 object contain An identical watermark value. 



1 133. The apparatus in claim 130 wherein 

2 the processor: 

3 issues, in response to further input 

4 information, a request to a second server to obtain a 

5 license to use the software object, wherein the request 

6 specifies the software object; 

7 compares an expected value of a first 

8 parameter contained in the license against an actual 

9 value of the firs^ parameter contained in the specific 

10 one watermark; 

11 if Ithe actual and expected values for the 

12 first parameter do\ not identically match each other, 
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prevents the software object from being used by the 



client compute:' 
the i: 

request : 



; and 

irst server, in response to the license 



generates a license specifying the 
expected value pf the first parameter and the usage 
rights of the software object accorded to the client 
computer by the object provider; and 

ransmits the license, via the network, to 
the client computer. 
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134. The apparatus in claim 133 wherein the processor, in 

response to the stored instructions: 

obtains an expected value of a second parameter 

communicated with the specific one object; 

extracts, fprom the specific one watermark detected 

in the object, the actual value of the first parameter 

and an actual vaLue of the second parameters- 
compares the expected values of the first and second 

parameters against the actual values of the first and 

second parameters;, respectively; and 



if the actus 
parameters identi 
expected values o 



1 values of the first and second 
.cally and respectively match the 
the first and second parameters, 
permits the object to be used in accordance with the 
usage rights specified in the license. 



1 135. The apparatus in claim 134 wherein the processor in 

2 response to the stored instructions, verifies that the 

3 license is signed by the object provider specified 
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through the 
the specific 



ctual value of the second parameter found in 
one watermark. 



136. The apparatus in claim 134 wherein the first and 
second parameters comprise a product identification (PID) 
value and a ^endor identification (VID) value, 
respectively. 



137. The appa 
further compr 

138. The appa 
the license f 



atus in claim 133 wherein the license 
ses a decryption key. 

datus in claim 137 wherein the request for 
urther comprises a public key value 



associated witi a provider of the object and a computer 



identification 
computer . 



value both associated with the client 



tus in claim 138 wherein the server, in 
license request: 

e watermarked object specified in the 



139. The apparel 
response to the 
accesses t\ 
request ; 

encrypts tftie watermarked object using a predefined 
encryption key; land 

generates al cryptographic signature using a public 
key associated wiLth the provider of the object, wherein 
the signature isla function of the expected value of the 
first parameter and the usage rights. 
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140. The apparatus in claim 139 wherein the license 
request further comprises a computer identification 
number associated with the client computer, and the file 
downloaded to the client computer further comprises the 



public key of th 

141. The apparat 
establishes 
a database assodi 
software object 

subsequentl 
license and in 
value of the cl 
associate the pa 
client computer 



142. The apparat 
to encrypting th 
with the object, 
particular copy 
client computer, 
watermarked obje 
client computer a 
software object 



e server. 

us in claim 140 wherein the server: 

in response to the request, an entry in 
ating the particular copy of the 
with the encryption key; and 
y, in conjunction with issuing the 
sponse to the computer identification 
computer, updates the entry to 
rticular copy of the software object with 



ient 



as in claim 141 wherein the server, prior 
s object, provides a fingerprint value 
the fingerprint uniquely identifying a 
cj>f the object to be downloaded to the 
so as to define a fingerprinted 
t which, in turn, is downloaded to the 
s the watermarked version of the 



1 143. The apparatus in claim 140 wherein the processor, in 

2 response to the stored instructions: 

3 performs a license verifying operation by: 

4 verifying, using a predefined cryptographic 

5 parameter stored i|n the client computer, the public key 
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associated w 



ver 



generated by 
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th the object provider so as to define a 



certified public key of the object provider; and 



ifying, using the certified public key of 



the object provider, the signature in the license as 



the object provider so as to define a 



verified signature; and 



performs 
the verified 
parameter, th 



144. The appa 
watermark key 



an extraction operation by extracting, from 
signature, the expected value of the first 
5 encryption key and the usage rights. 



:atus in claim 143 wherein the value of the 
defines a pointer to a location in the 
watermarked object at which the specific one watermark 
appears , 



145. The apparatus in claim 144 wherein the location is a 
starting location. 

146. The apparatus in claim 143 wherein all of the 
plurality of said watermarks embedded in the object 
contain an identical watermark value. 
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147. The apparatus in claim 146 wherein the identical 
watermark value! contains a concatenation of a product 
identification value associated with the object, as the 



first parameter, 
associated with 



and a vendor identification value 
the object provider. 
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148. The apparatus in claim 146 wherein the processor, in 



response to 

decrypt 
provider to 
specified in 
version of t 



the stored instructions: 

s the object, as downloaded by the object 
the client computer, using the decryption key 
the license so as to yield a decrypted 
ie object; and 



reads the value of the specific one watermark in the 
decrypted version of the object. 

149. The apparatus in claim 148 wherein the decryption 
key is a symmetric encryption key which has been 
previously used, by the object provider, to encrypt the 
object in order to produce the encrypted version of the 
object 



150. The appa 
identif icatior 



151. The appa 
second server 



ratus in claim 143 wherein the computer 
value is a processor serial number. 



rlatus in claim 143 wherein the first and 
are the same . 



152. The apparatus in claim 143 wherein the watermark 
values contains a concatenation of a product 
identification value associated with the software object, 
as the first parameter, and a vendor identification value 



associated with 



153. In a netwop: 
for accessing a 
using the objec 
steps of: 



the object provider. 

ked client-server environment, a method 
software object from a first server and 
so accessed, the method comprising the 
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in a clien 
client computer 



t computer connected to the network, the 
having a processor, and a memory having 



computer executable instructions stored therein, the 



steps, performed 
instructions, of 
issuir 
download request 



in response to the executable 
and 

g, in response to input information, a 
to the first server to download a file 
containing a * software object; 

obtaining the file containing a watermarked 
version of the software object from the first server; 

reading a specific one of a plurality of 
watermarks embedded in the software object downloaded 
from the first server so as to yield an actual watermark 

lie specific one watermark is defined by a 
of a watermark key previously provided 
to and stored witthin the client computer; and 

setting usage rights applicable to the object 
in response to thle actual watermark value so as to 
control further ujpe of the object by the client computer; 
and 



value, wherein t 
predefined value 



in the first 
steps, in response 



server connected to the network, the 
to the download request of: 



accessing the watermarked version of the 



software object, w 
been embedded into 



herein a plurality of watermarks have 
the object; and 



version of the sof 



downloading the file containing the watermarked 



ware object to the client computer. 
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1 154. The method in\ claim 153 wherein the software object 

2 is either a passive or active object, the passive object 

3 comprising content \ and the active object comprising 

4 executable code. 
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155. The method in claim 154 wherein the usage rights 
setting step comprises the step of supplying the usage 



rights to an operat:. 
computer in order to 
the software object 

156. The method in c 
watermark key define 
software object at w 
appears . 



ng system executing in the client 
set a protection state applicable to 



laim 155 wherein the value of the 
3 a pointer to a location in the 
lich the specific one watermark 



1 157. The method in cllaim 156 wherein the location is a 

2 starting location. 
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158. The method in cl 
of said watermarks 
contain an identical v\ 



im 156 wherein all of the plurality 
embedded in the software ob j ect 
atermark value. 



159. The method in cla 
of: 

in the client computer 
issuing 

information, a request 



im 156 further comprising the steps 



license to use the software object, wherein the request 



specifies the software 



in response to further input 
to a second server to obtain a 



object; 
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f twa 



arid 



parameter contained 
value of the first 
one watermark; and 

if 

first parameter do 
preventing the so 
client computer; 

in the f 

request : 

gene 

expected value of 
rights of the softw 
computer by the okr 

tr 

to the client compufc 



comparing an expected value of a first 
in the license against an actual 
parameter contained in the specific 
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le actual and expected values for 
not identically match each other, 
re object from being used by the 



rst server, in response to the license 

rating a license specifying the 
he first parameter and the usage 
are object accorded to the client 
ect provider; and 

tting the license, via the network, 
er . 



ansmi 



160. The method in claim 159 further comprising the 

steps, in the client computer, of: 

obtaining an expected value of a second parameter 

communicated with toe specific one objects- 
extracting, from the specific one watermark detected 

in the object, the actual value of the first parameter 

and an actual value of the second parameters- 
comparing the expected values of the first and 

second parameters agaknst the actual values of the first 

and second parameters! respectively; and 

if the actual vaiues of the first and second 

parameters identically! and respectively match the 

expected values of thel first and second parameters, 
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permitting the obje 
usage rights specif 

161. The method in 
step, in the client 



cfct to be used in accordance with the 
ed in the license. 

claim 160 further comprising the 
computer, of verifying that the 



license is signed by the object provider specified 



through the actual 



the specific one watermark 



162. The method in 
parameters comprise 
and a vendor ident 

163. The method in 
comprises a decrypt 



164 . The method in 
license further coifip 
with a provider of 
identification valili 
computer . 



value of the second parameter found in 



claim 160 wherein the first and second 

a product identification (PID) value 
fication (VID) value, respectively. 

claim 159 wherein the license further 
ion key. 



claim 163 wherein the request for the 

rises a public key value associated 
the object and a computer 
e both associated with the client 



claim 164 further comprising the 
r and in response to the license 

watermarked object specified in the 

watermarked object using a predefined 



165. The method in 
steps, in the serve: 
request, of: 

accessing the 
request; 

encrypting the 1 
encryption key; and 

generating a cryptographic signature using a public 
key associated with the provider of the object, wherein 
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the signaturle 
first parame 
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is a function of the expected value of the 
ter and the usage rights. 



166. The method in claim 165 wherein the license request 
further comprises a computer identification number 
associated w:.th the client computer, and the file 
downloaded to the client computer further comprises the 
public key of the server. 



167. The method in claim 166 further comprising the 
steps, in the server, of: 

establishing, in response to the request, an entry 
in a database associating the particular copy of the 
software object with the encryption key; and 

subsequently, in conjunction with issuing the 
license and in response to the computer identification 
value of the client computer, updating the entry to 
associate the particular copy of the software object with 
client computer. 

168. The method in claim 167 further comprising the 
steps, in the server and, prior to encrypting the object, 
of providing a fingerprint value with the object, the 
fingerprint uniquely identifying a particular copy of the 
object to be downloaded to the client computer, so as to 
define a fingerprinted watermarked object which, in turn, 
is downloaded to the client computer as the watermarked 
version of the software object. 
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169. The metjhod in claim 166 further comprising the 
steps, in thfe client computer, of: 

verifying/ using a predefined cryptographic 
parameter stored in the client computer, the public key 
associated with the object provider so as to define a 
certified public key of the object provider; and 

verifying, using the certified public key of the 
object provider, the signature in the license as 
generated by "he object provider so as to define a 
verified signature; and 

extracting, from the verified signature, the 
expected value! of the first parameter, the encryption key 
and the usage tights. 



1 170. The method in claim 169 wherein the value of the 

2 watermark key defines a pointer to a location in the 

3 watermarked objject at which the specific one watermark 

4 appears. 

1 171. The methodlin claim 170 wherein the location is a 

2 starting location. 
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172. The method p_n claim 169 wherein all of the plurality 
of said watermarks embedded in the object contain an 



identical watermc. 



rk value. 



173. The method i 



identification va 
first parameter, 



n claim 172 wherein the identical 



watermark value contains a concatenation of a product 



Lue associated with the object, as the 
and a vendor identification value 



associated with the object provider 
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174. The method in claim 172 further comprising the 
steps, in the client computer, of: 

decrypting the object, as downloaded by the object 
provider to tlhe client computer, using the decryption key 
in the license so as to yield a decrypted 



specified 
version of thk 
reading t 
the decrypted 



is a symmetric 
used, by the o 
order to produ 



object; and 
he value of the specific one watermark in 
version of the object. 



175. The method in claim 174 wherein the decryption key 



encryption key which has been previously 
Dject provider, to encrypt the object in 
e the encrypted version of the object. 



1 176. In a netwdrked client-server environment, apparatus 

2 for use in conjunction with a digital rights management 

3 system, the apparatus comprising: 

4 a client computer connected to the network, the 

5 client computer \having : 

6 a processor; 

7 a memory having computer executable 

8 instructions stored therein; and 

9 an enfdrcer, contained within the digital 

10 rights management! system, for controlling use of 

11 watermarked software objects, wherein the enforcer stores 

12 a predefined watetmark key which defines a specific one 

13 of a plurality of Iwatermarks embedded in the watermarked 

14 software object td be used by the enforcer in 

15 subsequently controlling use of each one of said 

16 watermarked software objects, and wherein the watermark 
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17 key expires after a predefined period of time elapses 

18 since said key was initially stored in the enforcer; 

19 wherein the processor, in response to the 

20 stored executable instructions: 

21 \ establishes a network connection to a 

22 server; \ 

23 \ issues a request to the server for a new 

24 watermark key; and 

25 1 utilizes either the predefined watermark 

26 key or the new watermark key, as received from the 

27 server, for trie predefined watermark key for subsequent 

28 use in controlling access to the watermarked software 

29 objects until Isuch time as the predefined key has expired 

30 after which the new watermark key is used instead; and 

31 the server, connected to the network, which, in 

32 response to the request: 

33 selects, if the predefined key has not been 

34 revoked for thelclient computer, another one of a 

35 predefined plurality of predetermined watermark keys for 

36 use in controlling access to the software watermarks 

37 objects as the new watermark key; 

38 sends the new watermark key to the client 

39 computer; and \ 

40 if the predefined key has been revoked, does 

41 not supply the new! watermark key to the client computer. 



1 

2 



177. The apparatus lin claim 17 6 wherein the network 
connection comprises a secure connection. 
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r|atus in claim 177 wherein the server is 

a publisher of any one of the watermarked 
s or a vendor of said one object, or a 
uthority . 



th 



ec t 



179. The apparatus in claim 178 wherein: 

the client computer, in response to the stored 
instructions and in conjunction with the request, also 
supplies the server with an existing certificate for a 
predefined puqlic key associated with the client 
computer; and 

the server, if the existing certificate for the 
public key has not been revoked by the server, provides 
the client computer with the new watermark key. 
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180. In a netwolrked client-server environment, a method 
for use in conjunction with a digital rights management 
system, \ 

in a client computer connected to a network, the 
client computer paving: a processor; a memory having 
computer executable instructions stored therein; and an 
enforcer, contained within the digital rights management 
system, for controlling use of watermarked software 
objects, wherein Ithe enforcer stores a predefined 
watermark key which defines a specific one of a plurality 
of watermarks embedded in the watermarked software object 
to be used by thelenforcer in subsequently controlling 
use of each one ofi said watermarked software objects, and 
wherein the waternkrk key expires after a predefined 
period of time elapses since said key was initially 
stored in the enfolcer; wherein the method comprises the 
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steps, upon expiration of the watermark key, performed by 
the processor, /in response to the stored executable 
instructions, of: 

establishing a network connection to a servers- 
issuing a request to the server for a new 
and 

izes either the predefined watermark key or 



watermark key; 

util 



the predefined 
controlling ac 



the new watermark key, as received from the server, for 



watermark key for subsequent use in 
;ess to the watermarked software objects 
until such timfe as the predefined key has expired after 
which the new watermark key is used instead; and 

in the seiver, connected to the network and, in 
response to the request, the steps of: 

selecting, only if the predefined key has not 
been revoked for the client computer, another one of a 
predefined plurality of predetermined watermark keys for 
use in controlling access to the software watermarks 
objects as the new watermark key; 

sending the new watermark key to the client 
computer; and 

if the predefined key has been revoked, not 
sending the new watermark key to the client computer. 

181. The method in claim 180 wherein the network 



connection comp 

182. The method 
associated with 
software ob j ect 



rises a secure connection. 

in claim 181 wherein the server is 
a publisher of any one of the watermarked 
s or a vendor of said one object, or a 



watermarking authority. 
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in the c: 
instructions 

sua 
certificate 



183. The method in claim 182 further comprising the steps 
of: 

lient computer and in response to the stored 
and in conjunction with the request: 
plying the server with an existing 
or a predefined public key associated with 
the client computer; and 

in the server, if the existing certificate for the 
public key ha:> not been revoked by the server, providing 
the client conputer with a new certificate, for the new 
watermark key. 



184. In a netv^o 
for obtaining 
management sysjt 

a client 
client compute 
a prep 



instructions s 
an e 



rked client-server environment, apparatus 
watermark key for use in a digital rights 

em, the apparatus comprising: 

omputer connected to the network, the 
having : 

cessor ; 



a memory having computer executable 



ored therein; and 
dforcer, contained within the digital 
rights management system, for controlling use of 
watermarked software objects, wherein the enforcer is 
capable of storing a predefined watermark key which 
defines a specific one of a plurality of watermarks 
embedded in the Watermarked software object to be used by 
the enforcer in (subsequently controlling use of each one 
of said watermarked software objects; 

whereim, if the enforcer does not then possess 
the watermark key, the processor, in response to the 
stored executable instructions: 
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estabMshes a network connection to a 



server; 



issuep a request to the server for a 
watermark key; and 

storefe the watermark key, received from 
the server, within tie enforcer for subsequent use in 
controlling access to watermarked software objects; and 

the server, connected to the network, which, in 
response to the request: 

selects, one of a predefined plurality of 
predetermined watermark keys for use in controlling 
access to the software watermarked objects as the 
watermark key; 

downloads the watermark key to the client 

computer . 

185. The apparatus in claim 184 wherein the request 



contains a public key 
and 

the server, in r 



associated with the client computer 



;sponse to the request: 
encrypts the watermark key using the public key 
of the client computer so as to yield the encrypted key; 
and 

downloads the encrypted key to the client 
computer as the watermark key; and 



the client comput 
upon receipt 



er : 



of the watermark key, decrypts the 



encrypted key using a private key associated with the 
client computer so as jto yield a decrypted key; and 

stores the decrypted key as the watermark key. 
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186. The apparat" 
connection compri 



associated with a 
software objects 



s in claim 185 wherein the network 
ses a secure connection. 



187. The apparatus in claim 186 wherein the server is 



publisher of any one of the watermarked 
or a vendor of said one object , or a 



watermarking authority . 

188. In a networked client-server environment, a method 
for obtaining a watermark key for use in a digital rights 
management system, 

in a client computer connected to a network, the 
client computer having: a processor; a memory having 
computer executable! instructions stored therein; and an 
enforcer, contained! within the digital rights management 
system, for controlling use of watermarked software 
objects, wherein the enforcer is capable of storing a 
predefined watermark! key which defines a specific one of 
a plurality of watermarks embedded in the watermarked 
software object to be used by the enforcer in 
subsequently controlling use of each one of said 
watermarked software objects; wherein the method 
comprises the steps, performed by the processor, if the 
enforcer does not then possess the watermark key and in 
response to the stored! executable instructions, of: 

establishing! a network connection to a server; 

issuing a request to the server for a watermark 

key; and 

storing the watermark key, received from the 
server, within the enfoccer for subsequent use in 
controlling access to watermarked software objects; and 
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24 in the server, connected to the network and in 

25 response to the request: 

26 selecting, one of a predefined plurality of 

27 predetermined watermark keys for use in controlling 



28 access to the software watermarked objects as the 

29 watermark key; 

30 downloading the watermark key to the client 

31 computer. 

1 189. The method in claim 188, wherein the request 

2 contains a public key associated with the client 

3 computer, comprising the steps of: 

4 in the server, in response to the request: 

5 encryptling the watermark key using the public 

6 key of the client! computer so as to yield the encrypted 

7 key; and 1 

8 downloading the encrypted key to the client 

9 computer as the watermark key; and 

10 in the processor, in response to the stored 

11 instructions: 1 

12 upon receipt of the watermark key, decrypting 

13 the encrypted key using a private key associated with the 

14 client computer so as to yield a decrypted key; and 

15 storing the decrypted key as the watermark key. 

1 190. The method in 61 aim 189 wherein the network 

2 connection comprises a secure connection. 



1 

2 



191. The method in claim 190 wherein the server is 
associated with a publisher of any one of the watermarked 



3 software obje 

4 watermarking 
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ts or a vendor of said one object, or a 
uthority . 



